Added context struct #43

zevv · 2024-12-10T15:07:41Z

This change allows a program to create multiple instances of the zforth interpreter and virtual machine: moves all the globals from zforth.c to a new struct zf_ctx and adds the zf_ctx *ctx argument to all zforth functions.

This does result in a bit larger binary size.

interpreter to be exist at the same time.

src/linux/main.c

 	}


 	/* Include files from command line */

 	for(i=0; i<argc; i++) {
-		include(argv[i]);
+		include(ctx, argv[i]);


To fix the problem, we need to validate the user input before using it to construct a file path. Specifically, we should ensure that the file path provided by the user does not contain any path separators or ".." sequences, which could lead to path traversal vulnerabilities. We can achieve this by adding a validation function that checks for these invalid sequences and rejects the input if any are found.

src/zforth/zforth.c

-		if(code <= PRIM_COUNT) {
-			do_prim((zf_prim)code, input);
+		if(code < PRIM_COUNT) {
+			do_prim(ctx, (zf_prim)code, input);


To fix the problem, we need to validate the user input before it is used to construct a file path. Specifically, we should ensure that the input does not contain any path separators or ".." sequences that could lead to path traversal attacks. This can be done by adding a validation function that checks for these invalid sequences and rejects the input if any are found.

Add a validation function to check for invalid sequences in the user input.

Use this validation function in the include function in src/linux/main.c before calling fopen.

Ensure that the input parameter in the run function in src/zforth/zforth.c is validated before it is used.

src/zforth/zforth.c

+			 * definition as a literal. At run time, the value will be pushed
+			 * on the stack. */
+			if(COMPILING(ctx)) dict_add_lit(ctx, zf_pop(ctx));
+			/* FIXME: else abort "!compiling"? */


src/zforth/zforth.c

 			break;

 		case PRIM_EXIT:
-			ip = zf_popr();
+			/* Return from word */
+			ctx->ip = zf_popr(ctx);


src/zforth/zforth.c

-			zf_push(peek(addr, &d1, len));
+			/* Get length of cell; consumes size encoding and address */
+			size = zf_pop(ctx);
+			addr = zf_pop(ctx);


src/zforth/zforth.c

-			zf_push(d1);
+			/* Peek at memory; consumes size encoding and address */
+			size = zf_pop(ctx);
+			addr = zf_pop(ctx);


src/zforth/zforth.c

-			d1 = zf_pop();
+			/* Poke memory; consumes size encoding, address, and value */
+			size = zf_pop(ctx);
+			addr = zf_pop(ctx);


src/zforth/zforth.c

-			addr = zf_pop();
-			zf_push(zf_pick(addr));
+			/* Pick n-th element from stack */
+			addr = zf_pop(ctx);


src/zforth/zforth.c

-			addr = zf_pop();
-			zf_push(zf_pickr(addr));
+			/* Pick n-th element from return stack */
+			addr = zf_pop(ctx);


src/zforth/zforth.c

 			break;

 		case PRIM_EQUAL:
-			zf_push(zf_pop() == zf_pop());
+			/* Push true if top two elements on stack are equal, else false */
+			zf_push(ctx, zf_pop(ctx) == zf_pop(ctx) ? ZF_TRUE : ZF_FALSE);


Added VM context zf_ctx to allow multiple instances of the forth

169249f

interpreter to be exist at the same time.

zevv force-pushed the ctx branch from 95dc19f to 169249f Compare December 10, 2024 15:09

disruptek and others added 8 commits December 16, 2024 11:50

comments, clarify size encoding, ZF_TRUE|FALSE

bd7796b

fix off-by-one

e01d6c5

wip literal per ANS forth

8f787f3

Updated README

75dfb51

Merge remote-tracking branch 'disruptek/d1' into ctx

9d7742f

refactoring

2736e29

Moved ZF_TRUE/ZF_FALSe to zforth.h

6399bc7

Fixed NOREADLINE compilation

2cf6781

zevv merged commit 4c23228 into master Dec 18, 2024
1 check passed

github-advanced-security bot found potential problems Dec 18, 2024

View reviewed changes

@@ -270,2 +270,6 @@
             	for(i=0; i<argc; i++) {
+            		if (strstr(argv[i], "..") || strchr(argv[i], '/') || strchr(argv[i], '\\')) {
+            			fprintf(stderr, "Invalid file path: %s\n", argv[i]);
+            			continue;
+            		}
             		include(ctx, argv[i]);

@@ -452,2 +452,8 @@
             {
+            	// Validate the input
+            	if (input && (strstr(input, "..") || strchr(input, '/') || strchr(input, '\\'))) {
+            		fprintf(stderr, "Invalid input.\n");
+            		return;
+            	}
             	while(ctx->ip != 0) {

@@ -62,2 +62,8 @@
+            	// Validate the filename
+            	if (strstr(fname, "..") || strchr(fname, '/') || strchr(fname, '\\')) {
+            		fprintf(stderr, "Invalid filename.\n");
+            		return;
+            	}
             	FILE *f = fopen(fname, "rb");

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Added context struct #43

Added context struct #43

zevv commented Dec 10, 2024

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Added context struct #43

Added context struct #43

Conversation

zevv commented Dec 10, 2024